12.Nginx介紹,安裝,配置默認虛擬主機,重定向
12.5 Nginx介紹
官網:nginx.org
因為nginx處理靜態文件的能力要比apache好很多,所以很多企業在建站的時候一般都是用java寫的,然後會選擇tomcat,但是tomcat處理靜態文件的能力不是太好就會疊加選擇nginx。
nginx特點:
體積小
處理能力強
並發高
可擴展性好
Nginx應用場景:
web服務 反向代理 負載均衡 Nginx著名分支,淘寶基於Nginx開發的Tengine,使用上和Nginx一致,服務名,配置文件名都一樣,和Nginx的最大區別在於Tenging增加了一些定制化模塊,在安全限速方面表現突出,另外它支持對js,css合並 Nginx核心+lua(開發語言)相關的組件和模塊組成了一個支持lua的高性能web容器openresty,參考http://jinnianshilongnian.iteye.com/blog/2280928
12.6 下載配置安裝Nginx
1.下載解壓
[root@xavi php-5.6.30]# cd /usr/local/src
[root@xavi src]# wget http://nginx.org/download/nginx-1.12.1.tar.gz
[root@xavi src]# tar zvxf nginx-1.12.1.tar.gz
2.進入安裝源碼包,配置,make&make install
[root@xavi src]# cd nginx-1.12.1/ [root@xavi nginx-1.12.1]# ./configure --prefix=/usr/local/nginx
Nginx目錄,四個目錄: conf , html , logs , sbin
-
[ ] conf:nginx配置文件
-
[ ] html:主頁樣例文件
-
[ ] logs:站點日誌
- [ ] sbin:核心進程文件
[root@xavi nginx-1.12.1]# ls /usr/local/nginx conf html logs sbin [root@xavi nginx-1.12.1]# ls /usr/local/nginx/conf fastcgi.conf koi-utf nginx.conf uwsgi_params fastcgi.conf.default koi-win nginx.conf.default uwsgi_params.default fastcgi_params mime.types scgi_params win-utf fastcgi_params.default mime.types.default scgi_params.default [root@xavi nginx-1.12.1]# ls /usr/local/nginx/html 50x.html index.html [root@xavi nginx-1.12.1]# ls /usr/local/nginx/logs/ [root@xavi nginx-1.12.1]# ls /usr/local/nginx/sbin/ nginx [root@xavi nginx-1.12.1]# ls /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx
測試配置語法錯誤nginx -t
[root@xavi nginx-1.12.1]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
3.Nginx配置
3.1 制作啟動腳本
[root@xavi nginx-1.12.1]# vim /etc/init.d/nginx
//增加以下內容:
#!/bin/bash
# chkconfig: - 30 21
# description: http service.
# Source Function Library
. /etc/init.d/functions
# Nginx Settings
NGINX_SBIN="/usr/local/nginx/sbin/nginx"
NGINX_CONF="/usr/local/nginx/conf/nginx.conf"
NGINX_PID="/usr/local/nginx/logs/nginx.pid"
RETVAL=0
prog="Nginx"
start()
{
echo -n $"Starting $prog: "
mkdir -p /dev/shm/nginx_temp
daemon $NGINX_SBIN -c $NGINX_CONF
RETVAL=$?
echo
return $RETVAL
}
stop()
{
echo -n $"Stopping $prog: "
killproc -p $NGINX_PID $NGINX_SBIN -TERM
rm -rf /dev/shm/nginx_temp
RETVAL=$?
echo
return $RETVAL
}
reload()
{
echo -n $"Reloading $prog: "
killproc -p $NGINX_PID $NGINX_SBIN -HUP
RETVAL=$?
echo
return $RETVAL
}
restart()
{
stop
start
}
configtest()
{
$NGINX_SBIN -c $NGINX_CONF -t
return 0
}
case "$1" in
start)
start
;;
stop)
stop
;;
reload)
reload
;;
restart)
restart
;;
configtest)
configtest
;;
*)
echo $"Usage: $0 {start|stop|reload|restart|configtest}"
RETVAL=1
esac
exit $RETVAL
3.2 更改權限
chmod 755 /etc/init.d/nginx
3.3 配置開機啟動
chkconfig --add nginx
chkconfig nginx on
[root@xavi nginx-1.12.1]# chmod 755 /etc/init.d/nginx
[root@xavi nginx-1.12.1]# chkconfig --add nginx
[root@xavi nginx-1.12.1]# chkconfig nginx on
3.4 編輯配置文件
cd /usr/local/nginx/conf/
mv nginx.conf nginx.conf.bak //不使用系統自帶的配置模板,把自帶的備份下
vim nginx.conf
//拷貝如下配置文件:
user nobody nobody;
worker_processes 2;
error_log /usr/local/nginx/logs/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;
events
{
use epoll;
worker_connections 6000;
}
http
{
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 3526;
server_names_hash_max_size 4096;
log_format combined_realip ‘$remote_addr $http_x_forwarded_for [$time_local]‘
‘ $host "$request_uri" $status‘
‘ "$http_referer" "$http_user_agent"‘;
sendfile on;
tcp_nopush on;
keepalive_timeout 30;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
connection_pool_size 256;
client_header_buffer_size 1k;
large_client_header_buffers 8 4k;
request_pool_size 4k;
output_buffers 4 32k;
postpone_output 1460;
client_max_body_size 10m;
client_body_buffer_size 256k;
client_body_temp_path /usr/local/nginx/client_body_temp;
proxy_temp_path /usr/local/nginx/proxy_temp;
fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
fastcgi_intercept_errors on;
tcp_nodelay on;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 8k;
gzip_comp_level 5;
gzip_http_version 1.1;
gzip_types text/plain application/x-javascript text/css text/htm
application/xml;
server
{
listen 80;
server_name localhost;
index index.html index.htm index.php;
root /usr/local/nginx/html;
location ~ \.php$
{
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
}
}
}
3.5 配置詳解:
參考文章:http://www.okay686.cn/510.html
user nobody nobody; 運行服務的用戶是誰
worker_processes 2;定義子進程的數量
worker_rlimit_nofile
51200;最多可以打開多少個文件worker_connections 6000;允許最大的連接數
server; 下面對應的就是虛擬主機配置
server_name localhost;定義網站的域名
root /usr/local/nginx/html;定義網站的根目錄
location ~ .php$;配置解析PHP
fastcgi_pass unix:/tmp/php-fcgi.sock;監聽端口或者監聽socket,通過此命令去執行
fastcgi_pass 127.0.0.1:9000;(或者攜程這種方式,服務器IP地址+端口)
3.6 啟動nginx服務
[root@xavi conf]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@xavi conf]# /etc/init.d/nginx start
Starting nginx (via systemctl): [ 確定 ]
[root@xavi conf]# ps aux |grep nginx
root 124541 0.0 0.0 20500 628 ? Ss 00:11 0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
nobody 124542 0.0 0.1 25028 3508 ? S 00:11 0:00 nginx: worker process
nobody 124543 0.0 0.1 25028 3248 ? S 00:11 0:00 nginx: worker process
root 124553 0.0 0.0 112680 976 pts/0 S+ 00:11 0:00 grep --color=auto nginx
3.7 curl localhost //本地測試 nginx
vim /usr/local/nginx/html/1.php //編輯一個測試php頁面
[root@xavi conf]# curl localhost/1.php
this is nginx test page[root@xavi conf]#
12.7 Nginx默認虛擬主機
在Nginx中也有默認虛擬主機,跟httpd類似,第一個被Nginx加載的虛擬主機就是默認主機,但和httpd不相同的地方是,它還有一個配置用來標記默認虛擬主機,也就是說,如果沒有這個標記,第一個虛擬主機為默認虛擬主機。
1.編輯修改配置文件nginx.conf,增加一句: include vhost/*.conf;
[root@xavi ~]# cd /usr/local/nginx/conf/
[root@xavi conf]# vim /usr/local/nginx/conf/nginx.conf
加入這行:include vhost/*.conf;
加入這行,意思是/usr/local/nginx/conf/vhost/下面所有以.conf結尾的文件都會加載,這樣可以把所有虛擬主機配置文件放到vhost目錄下面了
2.把server的定義刪除,為方便後續實驗
3.創建一個vhost的子目錄
[root@xavi conf]# pwd
/usr/local/nginx/conf
[root@xavi conf]# mkdir vhost
[root@xavi conf]# cd vhost/
[root@xavi vhost]# ls
[root@xavi vhost]# vim aaa.com.conf
4 創建創建vhost目錄及配置文件and虛擬server
有這個default_server標記的就是默認虛擬主機
server
{
listen 80 default_server; //有這個default_server標記的就是默認虛擬主機
server_name aaa.com;
index index.html index.htm index.php;
root /data/wwwroot/default;
}
5. 創建測試頁面 index.html
[root@xavi vhost]# cd /data/wwwroot/default/
[root@xavi default]# ls
[root@xavi default]# vim index.html
[root@xavi default]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
6. 重載並測試
[root@xavi default]# /usr/local/nginx/sbin/nginx -s reload
[root@xavi default]# curl localhost
this is the default site.
7.訪問aaa.com,訪問沒有定義過的域名,也會訪問到aaa.com
[root@xavi default]# curl -x127.0.0.1:80 aaa.com
this is the default site.
[root@xavi default]# curl -x127.0.0.1:80 bbb.com
this is the default site.
[root@xavi default]# curl -x127.0.0.1:80 bbcb.com
this is the default site.
[root@xavi default]# tail /usr/local/nginx/conf/nginx.conf
tcp_nodelay on;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 8k;
gzip_comp_level 5;
gzip_http_version 1.1;
gzip_types text/plain application/x-javascript text/css text/htm
application/xml;
include vhost/*.conf;
}
12.8 Nginx用戶認證
1. 再創建一個新的虛擬主機
[root@xavi default]# cd /usr/local/nginx/conf/vhost/
[root@xavi vhost]# vim test.com.conf
server
{
listen 80;
server_name test.com;
index index.html index.htm index.php;
root /data/nginx/test.com;
location / //用戶認證等信息
{
auth_basic "Auth";
auth_basic_user_file /usr/local/nginx/conf/htpasswd; //密碼文件
}
}
2. yum install -y httpd //安裝httpd,也可以使用之前編譯安裝的apache2.4
[root@xavi vhost]# htpasswd -c /usr/local/nginx/conf/htpasswd xavi //創建xavi用戶
New password:
Re-type new password:
Adding password for user xavi
Apache方法:# /usr/local/apache2.4/bin/htpasswd -c /usr/local/nginx/conf/htpasswd xavi
再次創建一個新用戶,不用再用-c了
[root@xavi vhost]# htpasswd /usr/local/nginx/conf/htpasswd user1
New password:
- 查看密碼文件
[root@xavi vhost]# cat /usr/local/nginx/conf/htpasswd xavi:$apr1$mzzjFU/B$/il2XbQfytr2RPw/LuRdH0 user1:$apr1$2tDxaHTk$Imu4zmH68YrUtK0h7l2.p.
3.測試並重載配置
/usr/local/nginx/sbin/nginx -t
/usr/local/nginx/sbin/nginx -s reload
[root@xavi vhost]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@xavi vhost]# /usr/local/nginx/sbin/nginx -s reload
4.總結:兩句核心配置語句,auth_basic打開認證,auth_basic_user_file指定用戶密碼文件。生成密碼工具需要借助apache的htpasswd。Nginx不自帶這個工具。
5.使用curl命令來驗證
[root@xavi vhost]# curl -x127.0.0.1:80 test.com -I
HTTP/1.1 401 Unauthorized
Server: nginx/1.12.1
Date: Wed, 14 Mar 2018 13:47:04 GMT
Content-Type: text/html
Content-Length: 195
Connection: keep-alive
WWW-Authenticate: Basic realm="Auth"
//401狀態碼,說明訪問需要驗證
6.用戶認證測試主機
[root@xavi vhost]# curl -uxavi:xavi2018 -x127.0.0.1:80 test.com
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.12.1</center>
</body>
</html>
報錯404,找到原料文件路徑並未創建
[root@xavi vhost]# ls /data/nginx/test.com/
ls: 無法訪問/data/nginx/test.com/: 沒有那個文件或目錄
[root@xavi vhost]# mkdir -p /data/nginx/test.com
[root@xavi vhost]# echo "test.com" > /data/nginx/test.com/index.html
[root@xavi vhost]# curl -uxavi:xavi2018 -x127.0.0.1:80 test.com
test.com
7.針對某個目錄做用戶認證,比如/admin,需要修改location後面的路徑
有時候我們需要對某個訪問目錄或者頁面進行認證,而不是全站。所以我們需要對配置文件進行更改:
[root@xavi vhost]# vim test.com.conf
server
{
listen 80;
server_name test.com;
index index.html index.htm index.php;
root /data/nginx/test.com;
location /admin/
{
auth_basic "Auth";
auth_basic_user_file /usr/local/nginx/conf/htpasswd;
}
}
[root@xavi vhost]# vim test.com.conf
[root@xavi vhost]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@xavi vhost]# /usr/local/nginx/sbin/nginx -s reload
[root@xavi vhost]# curl -x127.0.0.1:80 test.com
test.com
[root@xavi vhost]# curl -x127.0.0.1:80 test.com/admin/
<html>
<head><title>401 Authorization Required</title></head>
<body bgcolor="white">
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.12.1</center>
</body>
</html>
排故過程:對摸個目錄做用戶認證,該目錄是有效的路徑,實際存在,且目錄下的測試文檔index.html下需要編輯一定內容,方便查看測試結果
[root@xavi vhost]# curl -x127.0.0.1:80 test.com
test.com
[root@xavi vhost]# curl -x127.0.0.1:80 test.com/admin/
<html>
<head><title>401 Authorization Required</title></head>
<body bgcolor="white">
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.12.1</center>
</body>
</html>
[root@xavi vhost]# curl -uxavi:xavi2018 -x127.0.0.1:80 test.com/admin/
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.12.1</center>
</body>
</html>
[root@xavi vhost]# curl -uxavi:xavi2018 -x127.0.0.1:80 test.com
test.com
[root@xavi vhost]# mkdir /data/nginx/test.com/admin
[root@xavi vhost]# curl -uxavi:xavi2018 -x127.0.0.1:80 test.com
test.com
[root@xavi vhost]# curl -uxavi:xavi2018 -x127.0.0.1:80 test.com/admin/
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.12.1</center>
</body>
</html>
[root@xavi vhost]# echo "test admin dir" > /data/nginx/test.com/admin/index.html
[root@xavi vhost]# curl -uxavi:xavi2018 -x127.0.0.1:80 test.com/admin/
test admin dir
8. 針對某個特殊頁面進行認證:
location ~ admin.php
{
auth_basic "Auth";
auth_basic_user_file /usr/local/nginx/conf/htpasswd;
}
}
* 重載配置文件 -t&-reload
[root@xavi vhost]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@xavi vhost]# /usr/local/nginx/sbin/nginx -s reload
測試
[root@xavi vhost]# curl -x127.0.0.1:80 test.com/admin/
test admin dir
排查錯誤:找到原因是沒有創建admin.php文件
[root@xavi vhost]# curl -x127.0.0.1:80 test.com/admin.php
<html>
<head><title>401 Authorization Required</title></head>
<body bgcolor="white">
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.12.1</center>
</body>
</html>
[root@xavi vhost]# curl -uxavi:xavi2018 -x127.0.0.1:80 test.com/admin.php
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.12.1</center>
</body>
</html>
[root@xavi vhost]# curl -uxavi:xavi2018 -x127.0.0.1:80 test.com/admin.php
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.12.1</center>
</body>
</html>
[root@xavi vhost]# vim /data/nginx/test.com/admin.php
[root@xavi vhost]# curl -uxavi:xavi2018 -x127.0.0.1:80 test.com/admin.php
<?php
echo "this is a test for admin.php";
12.9 Nginx域名重定向
Nginx的域名重定向與httpd類似,但更容易理解
只要Apache能實現的功能,Nginx也全部可以實現。不然也不會有那麽多企業使用nginx服務。
當我們站點有多個域名的時候,權重降低了,但是之前的域名已經被一部分人所依賴了,也不可能去通知大家新的站點,所以我們就會選擇一個主域名其它的均302跳轉過來!
1. 配置atorreid.com.conf
vim atorreid.com.conf
server
{
listen 80 default_server;
server_name atorreid.com xavi.com abc.com;
index index.html index.htm index.php;
root /data/nginx/www.torreid.com;
if ($host != ‘torreid.com‘ ) {
rewrite ^/(.*)$ http://torreid.com/$1 permanent;
location /
{
auth_basic "Auth";
auth_basic_user_file /usr/local/nginx/conf/htpasswd;
}
}
在Nginx配置在,server_name後面可以跟多個域名,permanent為永久重定向,相當於httpd的R=301.另外還有一個常用的redirect,相當於httpd的R=302.
-t && -s reload 測試並重載配置
[root@xavi vhost]# curl -x127.0.0.1:80 www.atorreid.com/index.html -I
HTTP/1.1 301 Moved Permanently
Server: nginx/1.12.1
Date: Wed, 14 Mar 2018 15:03:15 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: http://torreid.com/index.html
12.Nginx介紹,安裝,配置默認虛擬主機,重定向